I use DotNetOpenAuth in my Asp.Net application.
I want to create a login page where user can choose among most common OpenID providers like google, yahoo...
I'd like to have image buttons like SO login.
1) Is there a best practice to achieve this? (Like a free/open asp.net control)
2) Do you have a list of common Discovery URLS?
https://www.google.com/accounts/o8/id (google)
https://me.yahoo.com (yahoo)
...
update
Just for info I've found also this:
socialauth-net
I believe this is what you're looking for: http://code.google.com/p/openid-selector/
You can check out this page which shows how to do OpenID Authentication using ASP.NET/MVC. If you are not using MVC, then check out this page (see cautionary comment below), which shows how to do it in C#/ASP.NET without any MVC.
Also check out StackApps and Stacky which help you implement some of the Stack Overflow type stuff in .NET.
Finally, if you need a list of providers/discovery list, check out this list!
Related
I have configured emberjs to use IDS4 before but I use it with simple auth and torii - however - on the site I am building now I do not want a pop up for auth and i also want to allow users to register through my site.
WRT the 1st issue - no popup - I can see that I can use
mgr.signinRedirect();
As shown in https://github.com/IdentityServer/IdentityServer4.Samples/blob/release/Quickstarts/7_JavaScriptClient/src/JavaScriptClient/wwwroot/app.js#L41
But that would mean hosting the login page as part of IDS and that means maintaining the CSS, markup and JS to make it look like it's a part of the main site - this I do not want to have to do.
What is the way to handle this?
The EmberJs site has a .NET webapi backing it - is there a way to POST the username / pass to the API and have the API proxy the auth?
WRT the 2nd issue - registration - I guess the question is - is there a way to do the same as above? send the new user details to the API and have that issue the request to IDS to create the user?
[UPDATE]
From looking around the quickstarts it seems there is no way to allow a JS client to register and authenticate without using a popup or a redirect to the views hosted on IDS... am i right?
This is crazy...
With Twitter's new OAuth interface, their API is now many times more complex than what it was. And I haven't even looked at Facebook's API yet.
What I'm wondering if there is a method that employs some higher-level, existing code or interfaces to make this a simpler task.
All I want to be able to do is initiate a Twitter tweet or Facebook share on the user's behalf and be able to control the initial text of those messages, from an ASP.NET application.
I found some similar questions on SO, but they had no answers.
EDIT: I know there are things like AddThis and ShareThis, but I need something that will give me control over the default message. It must contain a link with a code that is specific to the current user.
Twitter Integration...
For making Tweets from an ASP.NET application on users' behalf, check out Twitterizer. It's a free, open-source project for integrating with Twitter from .NET applications.
I agree that using OAuth can be a bit daunting, but the Twitterizer API wraps up most of the complexity. I've written an article on using Twitterizer in an ASP.NET application that you may be interested in: Integrating Twitter Into An ASP.NET Website Using OAuth. After reading the article, download the code sample at the end, which is a working demo showing how to use Twitterizer to post a tweet from an ASP.NET website.
Facebook Integration...
For integrating with Facebook, chcek out the Facebook Developer Toolkit. Like Twitterizer, it's an open-source, free API and should get you going in the right direction.
Happy Programming!
After looking around for a while, I found sharethis.com. They have various share buttons you can add to your site that send Twitter tweets, Facebook shares, etc.
It looks like it also supports options to control the URL, so I could modify this to include whatever URL I need.
I haven't yet figured out if I can control the default message text. I'm looking into that.
But it seems like this is probably the simplest way to accomplish what I want.
This is probably what you're after for twitter: https://twitter.com/about/resources/buttons#tweet
Let's you configure a button (or URL to redirect to) that starts the user off with some default text. The user can change the text before they post.
Don't know about facebook.
Twitter Integration:
Check this code and link/article simple and easy :
protected void btnTweet_Click(object sender, EventArgs e)
{
string oauthAccessToken = Session["twtoken"].ToString();
string oauthAccessTokenSecret = Session["twsecret"].ToString();
OAuthHelper oauthhelper = new OAuthHelper();
oauthhelper.TweetOnBehalfOf(oauthAccessToken, oauthAccessTokenSecret, txtTweet.Text);
if (string.IsNullOrEmpty(oauthhelper.oauth_error))
Response.Write("Twit Posted Successfully");
else
Response.Write(oauthhelper.oauth_error);
}
Read more how to get access token and secret key and download OAuthHelper and OAuthUtility Class below is the link -
How to post tweet on behalf of an user from asp.net using oauth authentication
Login with twitter using oauth authentication in asp.net and get access token, screen name and userid
I am using C# Razor in order to make a social network. There are wepages that contain sensible data and I don't want someone to go to that url and see it. Not even by going to the Inspect Element and open it through there. So is there a way to warn the user that "This web page is not allowed"?
You have to implement authentication and authorization in order to control who can actually access any given route in an mvc application. I can only recommend that you start by reading the official site www.asp.net/mvc/overview/security about authorization and authentication.
With the proper authentication/authorization the server will simply not send any data, or you could redirect to a specific "not allowed page"
I agree with Louis, you should get this book here which helped me a ton. http://www.apress.com/9781430257523
The literal answer you are looking for concerns the use of authorization attributes you place above controller actions or controllers themselves. So an action might look like this
[Authorize]
public ActionResult UserAccount(Guid id){...}
By setting up authentication using ASP.Net Identity you will be able to automatically redirect visitors who are not logged in to another page etc.
Also if you need to make sure that the current logged in user is not going to (for example) another user's personal page (account settings?) you would do a simple check on the server side to prevent this. Something like so (Pseudo code)
if(User.Identity.GetUserId() != account.OwningUserId)
return RedirectToAction("404", "Shared");
I'm using the Thinktecture.IdentityServer.v2 app to perform SSO for a couple of internal apps but would like to customize the login page for each application to have a smoother user experience. I can't seem to find a way to do that.
Can the login page be customized depending on the source application from where the client is comming?
"I can't seem to find a way to do that." - How hard have you tried? ;)
The RP has the extra data fields - so you can hang like a CSS name off the RP in the registration database. Further you can get to that RP data from the signin page - quoting the comment in AccountController:
// you can call AuthenticationHelper.GetRelyingPartyDetailsFromReturnUrl to get more information about the requested relying party
btw - IdentityServer's github repo has an issue tracker - you should use that for questions.
You can always have the RP pass a custom query string param and customize off of that. But you're outside the bounds of WS-Federation at that point. Plus, you must think about the nature of SSO -- the user is really signing into the IdP, not the app. So changing the IdP to look like the app is somewhat disingenuous.
I have solved this by customizing the SignIn.cshtml to adjust the style to what I need. Additionally, I have server side code in the top of SignIn.cshtml that does some string matching on the ReturnUrl (Request.QueryString["ReturnUrl"]). Then I show a different logo and header text based on some values I know to be unique for the different RP urls.
When upgrading to a new version of the ThinkTecture MVC, it will be a small job to update only this file to your specifics (just remember to have a copy of your modified SignIn.cshtml before you upgrade).
I'm using an action filter that checks what browser version is being used on my site, if it's an older browser I put up a div at the top asking them to upgrade. I don't want web crawlers to get the div message, so I've implemented HttpBrowserCapabilitiesBase.Crawler and it looks like it works for Google, but Bing and the others don't seem to register as crawlers. Strange for a Microsoft product to not notice Bing as a crawler!
Is there some way to add user agents to the crawler property or something?
Thanks!
Edited: I'm using asp.net mvc 3, it looks like I need to user .Browser files(?). Anyone know of a comprehensive set of .Browser files out there for Bing and the rest of the crawlers?
You will probably need to update your browscap.ini file as the one shipped with IIS is probably old. You can get a new one at one of the following URLs:
http://browsers.garykeith.com/downloads.asp
http://owenbrady.net/browsercaps/
browscap.ini usually lives at: c:\windows\system32\inetsrv\browscap.ini
We're not using MVC but we do this:
Regex.IsMatch(Request.UserAgent, #"bot|crawler|baiduspider|80legs|ia_archiver|voyager|curl|wget|yahoo! slurp|mediapartners-google", RegexOptions.IgnoreCase);
More options in my answer here:
Detecting honest web crawlers